Commit | Line | Data |
---|---|---|
4e6e57cf | 1 | |
92c03668 P |
# Default (unnamed) section: settings that apply before any [ section ] header.
2 | # Comment out the next line to ignore configuration errors |
# With config_diagnostics = 1, errors found while processing this file are
# reported as failures instead of being skipped silently.
3 | config_diagnostics = 1 | |
4 | ||
4e6e57cf RS |
# Default-section variable. [ user_dn ] expands $ENV::CN2; presumably this entry is
# the fallback used when the CN2 environment variable is unset - confirm against
# config(5). The resulting subject CN is only as trustworthy as that environment.
5 | CN2 = Brother 2 |
6 | ||
7 | #################################################################### | |
# Default settings for the `openssl req` command.
# NOTE(review): encrypt_rsa_key = no writes generated private keys without a
# passphrase, and default_md = sha1 signs with SHA-1, which is no longer
# collision-resistant; [ userreq ] in this file uses sha256. Looks intentional for
# a demo/test fixture - confirm before reusing these values elsewhere.
8 | [ req ] | |
4e6e57cf RS |
9 | distinguished_name = req_distinguished_name |
10 | encrypt_rsa_key = no | |
11 | default_md = sha1 | |
12 | ||
# Subject fields for [ req ] (referenced by its distinguished_name key).
# Each bare field name holds the prompt text; the matching *_value key presumably
# supplies the answer directly so no interactive input is needed - confirm against
# the req documentation. The resulting subject is C=AU, O=Dodgy Brothers, CN=Dodgy CA.
13 | [ req_distinguished_name ] | |
14 | countryName = Country Name (2 letter code) | |
15 | countryName_value = AU | |
16 | organizationName = Organization Name (eg, company) | |
17 | organizationName_value = Dodgy Brothers | |
18 | commonName = Common Name (eg, YOUR name) | |
19 | commonName_value = Dodgy CA | |
20 | ||
21 | #################################################################### | |
# Alternative request section (the name suggests end-user requests).
# prompt = no makes `openssl req` take the subject verbatim from [ user_dn ]
# instead of prompting. default_md is sha256 here, unlike the sha1 used in
# [ req ] and [ CA_default ].
# NOTE(review): encrypt_rsa_key = no leaves generated private keys unencrypted
# on disk - acceptable only where the key files are throwaway or otherwise protected.
22 | [ userreq ] | |
4e6e57cf RS |
23 | distinguished_name = user_dn |
24 | encrypt_rsa_key = no | |
25 | default_md = sha256 | |
26 | prompt = no | |
27 | ||
# Subject used by [ userreq ]; with prompt = no there, these values are literal.
# The 0. and 1. prefixes let commonName appear twice in the same subject.
# 1.commonName is expanded from $ENV::CN2, so the second CN follows the CN2
# environment variable (or, presumably, the CN2 entry in the default section at
# the top of this file when the variable is unset - confirm).
28 | [ user_dn ] | |
29 | countryName = AU | |
30 | organizationName = Dodgy Brothers | |
31 | 0.commonName = Brother 1 | |
32 | 1.commonName = $ENV::CN2 | |
33 | ||
342e3652 DDO |
# Section with no keys in the visible file; presumably selected where a section
# that sets nothing is needed (for example, issuing without extensions) - confirm
# against the callers.
34 | [ empty ] |
35 | ||
4e6e57cf RS |
# Extensions for an end-entity certificate: CA:false, so the certificate is not
# marked as able to issue others.
# authorityKeyIdentifier = keyid,issuer:always embeds the issuer name and serial
# in addition to the issuer key identifier.
# keyUsage includes keyEncipherment, which the _dsa and _ec variants omit.
# NOTE(review): neither basicConstraints nor keyUsage is marked critical here.
36 | [ v3_ee ] |
37 | subjectKeyIdentifier = hash | |
38 | authorityKeyIdentifier = keyid,issuer:always | |
39 | basicConstraints = CA:false | |
40 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | |
41 | ||
# End-entity extensions, signature-only variant (the name suggests DSA keys).
# keyUsage is limited to nonRepudiation and digitalSignature; no encipherment or
# key-agreement bit is set.
# authorityKeyIdentifier = keyid:always requires the issuer key identifier to be
# available; unlike [ v3_ee ] the issuer name and serial are not embedded.
42 | [ v3_ee_dsa ] | |
43 | subjectKeyIdentifier = hash | |
44 | authorityKeyIdentifier = keyid:always | |
45 | basicConstraints = CA:false | |
46 | keyUsage = nonRepudiation, digitalSignature | |
47 | ||
# End-entity extensions, key-agreement variant (the name suggests EC keys).
# Same as [ v3_ee_dsa ] plus the keyAgreement bit in keyUsage.
48 | [ v3_ee_ec ] | |
49 | subjectKeyIdentifier = hash | |
50 | authorityKeyIdentifier = keyid:always | |
51 | basicConstraints = CA:false | |
52 | keyUsage = nonRepudiation, digitalSignature, keyAgreement | |
53 | ||
54 | #################################################################### | |
# Entry point for the `openssl ca` command: default_ca names the section that
# holds the CA settings when none is chosen explicitly.
55 | [ ca ] | |
56 | default_ca = CA_default | |
57 | ||
# CA working set selected by default_ca in [ ca ].
# Every path derives from dir = ./demoCA, a relative path, so the files used
# depend on the current working directory of the command.
58 | [ CA_default ] | |
59 | dir = ./demoCA | |
60 | certs = $dir/certs | |
61 | crl_dir = $dir/crl | |
62 | database = $dir/index.txt | |
63 | new_certs_dir = $dir/newcerts | |
64 | certificate = $dir/cacert.pem | |
65 | serial = $dir/serial | |
66 | crl = $dir/crl.pem | |
# CA signing key. Whether it is passphrase-protected is not visible from this file.
67 | private_key = $dir/private/cakey.pem | |
# NOTE(review): x509_extensions = v3_ca means certificates issued without selecting
# another extension section receive the [ v3_ca ] extensions, including CA:true.
68 | x509_extensions = v3_ca | |
69 | name_opt = ca_default | |
70 | cert_opt = ca_default | |
# Issued certificates are valid for 365 days; CRLs are refreshed every 30 days.
71 | default_days = 365 | |
72 | default_crl_days= 30 | |
# NOTE(review): SHA-1 is no longer collision-resistant; [ userreq ] in this file
# uses sha256. Looks intentional for a demo/test fixture - confirm.
73 | default_md = sha1 | |
74 | preserve = no | |
# policy_anything only requires a commonName in the request (see that section).
75 | policy = policy_anything | |
76 | ||
# Subject policy named by policy = policy_anything in [ CA_default ].
# "supplied" means the field must be present in the request; "optional" means it
# may be absent. No field is set to "match", so nothing is required to equal the
# CA's own subject: any request carrying a commonName satisfies this policy.
77 | [ policy_anything ] | |
78 | countryName = optional | |
79 | stateOrProvinceName = optional | |
80 | localityName = optional | |
81 | organizationName = optional | |
82 | organizationalUnitName = optional | |
83 | commonName = supplied | |
84 | emailAddress = optional | |
85 | ||
# Extensions for a CA certificate. [ CA_default ] names this section as its
# x509_extensions, so `openssl ca` applies it unless another section is selected.
# basicConstraints is critical with CA:true and pathlen:1, i.e. at most one further
# CA level may sit below a certificate carrying these extensions.
# keyUsage is restricted to certificate and CRL signing.
# NOTE(review): keyUsage is not marked critical here.
# issuerAltName = issuer:copy copies the issuer's subject alternative names.
86 | [ v3_ca ] | |
87 | subjectKeyIdentifier = hash | |
88 | authorityKeyIdentifier = keyid:always,issuer:always | |
89 | basicConstraints = critical,CA:true,pathlen:1 | |
90 | keyUsage = cRLSign, keyCertSign | |
91 | issuerAltName = issuer:copy |